Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

Security Vulnerabilities on Display at RSA

There was plenty of talk about the latest threats at the RSA Conference in San Francisco this past week. Here are a few of the highlights discussed at the show.

The RSA Conference is much more vendor-driven than shows such as Black Hat and ShmooCon, but there is always room for talk about security vulnerabilities and threats in the wild.

This year, discussion of the threat landscape touched on everything from browser hijacking to wireless security to attacks on VOIP (voice over IP). More than one presenter during the conference spoke of the idea of assuming that computers in your network have been compromised.

In fact, in one presentation, Ed Skoudis, senior consultant for InGuardians, and Johannes Ullrich, chief research officer of the SANS Internet Storm Center, outlined a number of attacks targeting enterprise networks.

Among the attacks the two highlighted was the well-known "pass-the-hash" technique, a method used to compromise machines by checking a user's cryptographic hash instead of their password. The duo also highlighted attacks on VOIP as well as how hackers can infect Windows machines through drive-by downloads, turn on their wireless interfaces and use them in attacks from long distance without using radio frequency.

Further reading

While the latter is difficult to execute in Windows XP, Skoudis said the API in Vista and Windows 7 makes it "relatively easy" to write code that talks to the wireless interface. Organizations can defend against these attacks by using two-factor authentication on their WLAN (wireless LAN) and separating the wireless and wired networks through VLANs (virtual LANs) or separate physical networks, he added.

"There are bots installed in most enterprises," Skoudis declared. "My point here is instead of spending 90 percent of your security budget on prevention, take some of that-not a large amount of it, but take 5 or 10 percent of it-and rededicate it to identification and eradication. Find the bad guys in your midst and root them out. The fact of the matter is, if you do that, that should help you with your prevention in the first place because you are limiting the bad guys' ability to stay hidden and act in your network."

The concept of browser hijacking also received attention at RSA. David Barruso, e-crime director at S21sec, noted that browser hijacking is being done by three main malware families. Typically, users are affected by drive-by downloads, he said.

"There are many banks affected by [this]," he explained after his presentation.

To mitigate this, users should make sure their browsers and programs are fully patched, as well as utilize anti-virus, he advised.